In 2014, data breaches rose to such an extent that we called it “The Year of the Data Breach.” Unfortunately, data breaches in 2015 exceeded those figures, with 781 breaches exposing 169 million records, up from the 83 million records exposed in 2014. Breaches are up, with mega-breaches affecting the US Government’s Office of Personnel Management, CVS and T-Mobile. And there’s no end in sight.
I recently examined the issue of growing data breaches from a regulation standpoint on CSO Online. My article, Security Negligence Goes to Court, examines the challenges in regulation: what precautions should be mandatory and how do you make consequences meaningful? To examine these questions, I look closely at two areas where we can see the future of compliance trends.
First, I look at the Federal Trade Commission (FTC) and its recent attempts to more aggressively pursue its cybersecurity authority, which has been discussed here on InTelligence. Looking to recent court decisions, I believe the FTC has already proven its ability to institute cybersecurity requirements pursuant to the agency’s authority to prevent “unfair or deceptive practices” and that fewer organizations will be challenging that authority in future; we will likely see more settlements as the result of FTC actions.
Second, I look at the impact of European Union privacy rules, particularly how the long-awaited General Data Protection Regulation could have significant repercussions for how organizations are required to store and move data, both at a domestic and international level (more on this here).
Read the full article on CSO Online here. If you have any questions, leave a comment and I’ll chime in.